Threat Level: Infocon green

ISC Diary

Refresh Latest Diaries


More Java Woes

Published: 2012-09-26,
Last Updated: 2012-09-26 14:37:13 UTC
by Johannes Ullrich (Version: 1)

3 comment(s)

A number of readers alerted us of news reports stating that new "full sandbox escape" vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java "with caution". Some best practices:

- Uninstall Java if you don't need it.
- if you do need Java, make sure it doesn't start automatically in your web browser.
- keep Java up to date
- reduce the number of Java variants you have installed to the minimum you need.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: hacking internet isc phishing sans security threat virus vulnerability worm
3 comment(s)
Top of page

Top of page

Comments

I wonder if you could use a QR code to launch this as well? I see people scanning QR codes everywhere, don"t know what you are going to get until it is too late.
posted by CyberCon, Wed Sep 26 2012, 17:21
Since a QR Code isn't much more than a link, it should work. FYI there is a QR-tool out from Symantec which checks QR-codes.
https://play.google.com/store/apps/details?id=com.symantec.norton.snap&hl=de
posted by Bernhard, Thu Sep 27 2012, 10:05
When I need to use Java, I use a copy of portable Firefox with Jportable (Portable Java) in the plugin folder. This works great and seems to be more reliable than the full version installed in my primary browser. I can have separate copies with different versions of Jportable in each to have specific Java versions available.
posted by jbmartin6, Thu Sep 27 2012, 13:03

New Comments closed for all Diaries older than two(2) weeks
Please send your comments to our Contact Form

Diary Archives

Top of page
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

Get ISC Swag!!

Advertisement

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

UDP port 1434 directed attack to AS13489 IP ranges - by: Manuel Humberto Santander Pelaez (2013-05-24)

MoVP II - by: Adrien de Beaupre (2013-05-23)

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute